[EXT] Re: mail_crypt folder keys without sql database
aki.tuomi at open-xchange.com
Thu Aug 6 10:21:05 EEST 2020
mail_crypt_private_password cannot be hashed, as it's used to encrypt the key.
> On 06/08/2020 10:06 secure.light.0417.road <secure.light.0417.road at protonmail.com> wrote:
> I've tried to append the field "userdb_mail_crypt_private_password=<same-hashed-password-in-passwd-file>" to the end of each user line in userdb as passwd-file. And use the command below to generate keys.
> doveadm -o plugin/mail_crypt_private_password=<not-hashed-user-password> mailbox cryptokey generate -u <username> -U
> I confirmed mail encryption work properly.
> Also I've compared two "dovecot-attribute" files with and without "mail_crypt_require_encrypted_user_key = yes". Seemingly they have no difference. How to check that the private key in dovecot-attribute be encrypted properly?
> Sent with ProtonMail Secure Email.
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Thursday, August 6, 2020 1:03 AM, Aki Tuomi <aki.tuomi at open-xchange.com> wrote:
> > > On 05/08/2020 18:45 secure.light.0417.road secure.light.0417.road at protonmail.com wrote:
> > > Hello,
> > > Can the mail_crypt "folder keys" feature be used with encrypted user keys in passwd-file without sql database? It seems that there is no guide in the docs.
> > > Best regards,
> > > narangd
> > Dovecot stores folder and user keys into mail_attribute_dict. This does not have to be SQL database.
> > You can also add `userdb_mail_crypt_private_password` into passwd-file to provide it if you use passwd-file as userdb.
> > Aki
More information about the dovecot